Which Meterpreter command dumps the local SAM database to the screen?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which Meterpreter command dumps the local SAM database to the screen?

Explanation:
The local Security Account Manager (SAM) database contains the password hashes for local Windows accounts. The hashdump command in Meterpreter reads that SAM data (and related sources) and prints the retrieved account hashes to the screen. This is exactly what you need when you want to obtain password hashes for offline cracking or pass-the-hash tactics. The other commands perform different tasks: timestomp alters file timestamps, ps lists running processes, and Get-PID shows the Meterpreter process ID. So hashdump is the command that directly dumps the SAM hashes to the screen.

The local Security Account Manager (SAM) database contains the password hashes for local Windows accounts. The hashdump command in Meterpreter reads that SAM data (and related sources) and prints the retrieved account hashes to the screen. This is exactly what you need when you want to obtain password hashes for offline cracking or pass-the-hash tactics. The other commands perform different tasks: timestomp alters file timestamps, ps lists running processes, and Get-PID shows the Meterpreter process ID. So hashdump is the command that directly dumps the SAM hashes to the screen.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy